/*
 * Copyright 2009 Biz-e (info@biz-e.nl)
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 * http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package nl.biz_e.acl.server.restapi;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import nl.biz_e.acl.server.logic.AuthorizationCheck;

/**
 * A simple servlet providing simple REST access to authorization rules.<br/>
 * For explanation of the API, see the <a
 * href="./package-summary.html">package</a> description.
 * 
 * @author Joost A. Bloemsma
 * 
 */
public class AuthorizationCheckServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;
    private String userId;
    private String contextId;
    /** The name of the request aprameter for the user id */
    public static final String USERPARM = "USERAUTHID";
    /** The name of the request aprameter for the context id */
    public static final String CONTEXTPARM = "CONTEXTID";

    /**
     * {@inheritDoc}
     */
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        PrintWriter writer = resp.getWriter();
        try {
            parseParams(req);
            writer.println(this.getAuthorization());
        } catch (Exception e) {
            writer.println("Some error occured!");
            writer.println(e.getMessage());
        }
        writer.flush();
    }

    private String getAuthorization() {
        boolean isAuthorized = AuthorizationCheck.isAuthorized(userId,
                contextId);
        StringBuffer xmlOut = new StringBuffer();
        xmlOut.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
        xmlOut.append("<response><user><authid>");
        xmlOut.append(userId);
        xmlOut.append("</authid></user>");
        xmlOut.append("<context><ctxid>");
        xmlOut.append(contextId);
        xmlOut.append("</ctxid></context>");
        xmlOut.append("<result>");
        xmlOut.append(Boolean.toString(isAuthorized).toLowerCase());
        xmlOut.append("</result></response>");
        return xmlOut.toString();
    }

    private void parseParams(HttpServletRequest req)
            throws IllegalStateException {
        userId = req.getParameter(USERPARM);
        contextId = req.getParameter(CONTEXTPARM);
        if ((userId == null) || (contextId == null))
            throw new IllegalStateException("All params are needed");
        return;

    }

}
